using System;
using System.Text.RegularExpressions;

namespace Dan.Common.Extend
{
    public class SqlExtend
    {
        /// <summary>
        /// 检测是否有Sql危险字符
        /// 没有返回true
        /// </summary>
        /// <param name="str">要判断字符串</param>
        /// <returns>判断结果</returns>
        public static bool IsSafeSqlString(string str)
        {
            return !Regex.IsMatch(str, @"[-|;|,|\/|\(|\)|\[|\]|\}|\{|%|@|\*|!|\']");
        }
        
        /// <summary>
        /// check string contains sql
        /// </summary>
        /// <param name="str"></param>
        /// <returns></returns>
        public static bool ValidateSql(string[] str)
        {
            for (int x = 0; x < str.Length; x++)
            {
                if (!string.IsNullOrEmpty(str[x]))
                {
                    string word = @"*|and|or|exec|insert|exists|drop|select|delete|update|count|master|truncate|declare|char(|mid(|chr(|'";
                    foreach (string i in word.Split('|'))
                    {
                        if ((str[x].ToLower().IndexOf(i + " ", StringComparison.Ordinal) > -1) || 
                            (str[x].ToLower().IndexOf(" " + i, StringComparison.Ordinal) > -1))
                            return true;
                    }
                }
            }
            return false;
        }
    }
}